This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new b3b7db7 Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945)
b3b7db7 is described below
commit b3b7db7250aaa78df735c1044139bd9a97404054
Author: Masaori Koshiba <[email protected]>
AuthorDate: Thu Jun 17 08:55:13 2021 +0900
Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945)
* Fix dynamic-stack-buffer-overflow of cachekey plugin
* Check that dst_size includes room for the null terminator
(cherry picked from commit 5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b)
---
plugins/cachekey/cachekey.cc | 2 +-
proxy/logging/LogUtils.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/cachekey/cachekey.cc b/plugins/cachekey/cachekey.cc
index 5f12889..44925b3 100644
--- a/plugins/cachekey/cachekey.cc
+++ b/plugins/cachekey/cachekey.cc
@@ -41,7 +41,7 @@ appendEncoded(String &target, const char *s, size_t len)
return;
}
- char tmp[len * 2];
+ char tmp[len * 3 + 1];
size_t written;
/* The default table does not encode the comma, so we need to use our own
table here. */
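Review bot: `char tmp[len * 3 + 1]` is still a variable-length stack array sized by the caller-supplied `len`, so tripling it also triples the stack a long input consumes, and nothing visible in the hunk bounds `len`. VLAs are a compiler extension in C++; a heap buffer such as `std::string tmp(len * 3 + 1, '\0');` would keep the worst-case sizing without tying stack use to input length. The encode call that fills the buffer lies outside the hunk and would then need `tmp.data()` and `tmp.size()` rather than the array and its `sizeof`. The sizing rule also deserves a comment at the declaration, for example `/* worst case: every byte becomes "%XX" (3 bytes), plus the terminating NUL */`.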
diff --git a/proxy/logging/LogUtils.cc b/proxy/logging/LogUtils.cc
index 4ec68e9..c3f79a0 100644
--- a/proxy/logging/LogUtils.cc
+++ b/proxy/logging/LogUtils.cc
@@ -360,7 +360,7 @@ escapify_url_common(Arena *arena, char *url, size_t len_in,
int *len_out, char *
//
size_t out_len = len_in + 2 * count;
- if (dst && out_len > dst_size) {
+ if (dst && (out_len + 1) > dst_size) {
*len_out = 0;
return nullptr;
}
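Review bot: The `+ 1` in `(out_len + 1) > dst_size` is unexplained at the check, so the contract that `dst_size` must cover the terminator is easy to break again in a later edit. A comment such as `// dst must also hold the terminating NUL, so it needs out_len + 1 bytes` would record it, and the equivalent `out_len >= dst_size` expresses the same bound without the addition. The diffstat shows no test change; a case with `dst_size == out_len` that expects `nullptr` and `*len_out == 0` would pin this boundary. The body of escapify_url_common starts and ends outside the hunk, so the write of the terminator itself is not visible here.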